<%@page import="domain.User"%>
<%@ page import="java.sql.*" %>
<html>
<head><TITLE>User Authentication</TITLE>
<script type="text/javascript">
function checkForm() {
	// Convenience check only: it runs in the browser, so a client can skip it
	// and submit anything. The server must still validate both fields itself.
	// Returns false (which cancels the submit) when either field is empty.
	var fields = document.forms[0].elements;
	var missing = fields['username'].value == '' || fields['password'].value == '';
	if (missing) {
		alert('User name or Password is empty');
		return false;
	}
	return true;
}
</script>
</head>
<body BGCOLOR="#FFFFFF">
<BR><BR>
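<%
	// Login handler. Reads "username" and "password" from the request and, when both
	// are present, looks for a matching row in login_trans. The outcome is published
	// to the rest of the page through:
	//   loginFlag - true while the login form still has to be shown (no row matched)
	//   errorFlag - true when the attempt failed (no matching row, or a database/driver error)
	// On success a domain.User is stored in the session under "LOGIN_USER".
	boolean loginFlag = true, errorFlag = false;
	String username = request.getParameter("username");
	String password = request.getParameter("password");
	// Compare by content: "==" on strings tests reference identity, so an empty
	// parameter was not reliably recognised as empty by a check such as username=="".
	if(username==null || username.length()==0 || password==null || password.length()==0){
		// Nothing (or only part of the form) was submitted: show the form without an error.
		if(username==null)username="";
		if(password==null)password="";
	}else{
		Connection conn = null;
		PreparedStatement pstmt = null;
		ResultSet rs = null;
		try
		{
			Class.forName("oracle.jdbc.driver.OracleDriver");
			// NOTE(review): the database account and its password are hard-coded in the page
			// source. Move them to container-managed configuration (for example a JNDI
			// DataSource) and rotate the credential, since it is readable by anyone with
			// access to this file.
			conn = DriverManager.getConnection("jdbc:oracle:thin:@localhost:1521:XE", "prabz", "yellow");
			// The request values are bound as parameters instead of being concatenated into
			// the statement text, so quotes or SQL fragments in them are treated as data and
			// cannot change the query (SQL injection / authentication bypass).
			String sql = "SELECT * FROM login_trans WHERE UPPER(USERNAME) = UPPER(?) AND UPPER(PASSWORD) = UPPER(?)";
			pstmt = conn.prepareStatement(sql);
			pstmt.setString(1, username);
			pstmt.setString(2, password);
			rs = pstmt.executeQuery();
			// NOTE(review): the query compares the submitted password with the PASSWORD column
			// directly and case-insensitively, which only works if passwords are stored
			// unhashed. Store a salted password hash and verify it in application code instead.
			// User names are expected to be unique, so only the first row is used.
			if(rs.next())
			{
				// A row matched: the login form is no longer needed.
				loginFlag = false;
				// NOTE(review): the session id is not renewed on successful login; renew it
				// before storing LOGIN_USER to guard against session fixation.
				User user = new User();
				user.setUsername(rs.getString("USERNAME"));
				// NOTE(review): this keeps the stored password in the session object; drop it
				// if nothing downstream needs it.
				user.setPassword(rs.getString("PASSWORD"));
				user.setRoleId(rs.getInt("ROLE"));
				user.setEmail(rs.getString("EMAIL"));
				session.setAttribute("LOGIN_USER", user);
			}
			errorFlag = loginFlag;	//if logged in then there is no error
		}
		catch(SQLException e)
		{
			// Driver messages can reveal schema and query details, so they go to the
			// server log only; the page shows its generic error line via errorFlag.
			for(SQLException next = e; next != null; next = next.getNextException())
				application.log("login: SQLException while checking credentials", next);
			errorFlag = true;
		}
		catch(ClassNotFoundException e)
		{
			application.log("login: JDBC driver class not found", e);
			errorFlag = true;
		}
		finally
		{
			//Clean up resources in reverse order of acquisition; failures on close are ignored.
			if(rs != null)
			{
				try
				{
					rs.close();
				}
				catch (Exception ignored) {}
			}
			if(pstmt != null)
			{
				try
				{
					pstmt.close();
				}
				catch (Exception ignored) {}
			}
			if(conn != null)
			{
				try
				{
					conn.close();
				}
				catch (Exception ignored) {}
			}
		}
	}
%>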
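<%-- Show the login form while nobody is logged in or the last attempt failed;
     otherwise forward to the menu page. --%>
<% if(loginFlag || errorFlag){ %>
	<% if(errorFlag){ %>
	<p align="center" style="color: red; "><i>Error processing the login information</i></p>
	<%} %>
	<%
		// username comes straight from the request, so it is HTML-escaped before being
		// written into the value attribute; unescaped, a crafted value could close the
		// attribute and inject markup into the page (reflected XSS). '&' is replaced
		// first so the entities produced by the later replacements are not escaped again.
		String safeUsername = username == null ? "" : username
			.replace("&", "&amp;")
			.replace("<", "&lt;")
			.replace(">", "&gt;")
			.replace("\"", "&quot;")
			.replace("'", "&#39;");
	%>
	<form action="login.jsp" method="post">
		<table align="center">
			<tr>
				<td>
					User Name:&nbsp;
				</td>
				<td>
					<input type="text" name="username" value="<%=safeUsername %>"/>
				</td>
			</tr>
			<tr>
				<td>
					Password:&nbsp;&nbsp;
				</td>
				<td>
					<%-- The submitted password is deliberately not echoed back: writing it into
					     the response would expose it in the page source and in any cached copy. --%>
					<input type="password" name="password"/>
				</td>
			</tr>
			<tr>
				<td colspan="2" align="center">
					<input type="submit" name="login" value="login" onclick="return checkForm();"/>
				</td>
			</tr>
		</table>
	</form>
<% } else{ //Get to the home page %>
<jsp:forward page="menu.jsp"></jsp:forward>
<% } %>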
</body>
</html>